<?php
function sql_html_injection($text)
{
	return mysql_real_escape_string(htmlentities($text));
}
?>